I have created a problem for myself regarding the Set Users Permissions Action. This is how the workflow functions. When the initiator submits a request they have the permissions to edit the item that they submitted UNTIL a Reviewer changes the status to Approved or denied(Through the "..." edit start menu list) Once the reviewer reviews the item the initiator cannot go back and edit said item because of the set user permissions Action.
Now the workflow works without a hitch.. BUT we forgot to set the "set user permissions" action so that any full control users always have the power to edit/delete the items. Being that we just found out that this is a problem... we can not edit/delete previously submitted request...even though we have full control.
We now have a TON of test requests and have no way to delete them. We can delete new requests because we have updated the workflow.
Steps taken to fix this issue:
1) Create a delete item workflow
2) removed the set user permissions workflow
3) Deleting the Items in SPD
Our Next Step is to ask our admin to see if he can delete the items individually.... But before we ask him I wanted to see if there was an easier/answer to this problem.
I believe you're going down the right path. Since you removed the permissions, only a Site Admin will have permissions to do what you need.
Unless you want to build a workflow that finds all those items and deletes them, then you can just get the Site Admin to run that workflow and it will run in that users context, and might same them a bunch of manual work.
We tried to add a delete item workflow but again it came up with the error. I asked the site admin to delete them... just waiting on him to do it.
Another option that I thought was to just filter the data to only show items after we fixed the workflow. It wont delete the data obviously but at least you wont see it.